---
title: "History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks | Phish Protection"
description: "History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks: History of Phishing: How Phishing Attacks."
image: "https://phishprotection.com/images/og-default.png"
canonical: "https://phishprotection.com/history-of-phishing/"
---

#  History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks 

## **History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks**

_Phishing can be defined as an attempt by hackers or cyber criminals in which they try to lure computer or internet users into divulging their personal or sensitive financial information through a maliciously crafted message or an e-mail_. This sensitive or confidential information may include birthdates, passwords, credit card details, and social security numbers. The hackers disguise themselves as an official entity such as authorities from the tax department or employees of a bank to gain the victim’s trust.

The term phishing and its concept can be traced back to the 90s through America Online (AOL). A group of hackers called themselves as warez community and impersonated as AOL employees. This group is also known as the first “phishers.” They collected **login credentials** and personal information from AOL users.

Today phishing is evolving into a profitable business for hackers. According to estimates, around _**156 million** phishing e-mails get delivered every day\*\*,\*\*_ resulting in more than 80,000 clicks!

### **The Story Behind The Name “Phishing”**

\_Some say the term phishing got influences from the word fishing. \_Analogous to fishing, phishing is also a technique to “fish” for usernames, passwords, and other sensitive information, from a “sea” of users.

Hackers generally use the letter “ph” instead of “f” and therefore initially they were known as phreaks. The creator of the infamous Blue Box, John Draper, aka Captain Crunch, coined the term [Phreaking](https://en.wikipedia.org/wiki/Phreaking). Phreaking refers to the technique of hacking telecommunication systems.

![Anti Phishing Services](https://media.mailhop.org/phishprotection/images/2020/02/anti-phishing-services.png) ![Anti Phishing Software Download](https://media.mailhop.org/phishprotection/images/2020/02/anti-phishing-software-download.png) 

### The Origins Of Phishing- AOL Attacks in the ’90s

During the 90s, [AOL](https://www.aol.com/) was one of the leading internet service providers and had over a million customers subscribed to their service. This massive popularity of AOL grabbed the attention of hackers. People trading with **pirated and illegal software** and tools used AOL for their communication. They formed a group called the warez community, thus sowing the first seeds of phishing.

#### Algorithms To Create Random Credit Card Numbers

Initially, the members of the _warez community started stealing user details, including username, password, and other personal information\*\*.\*\*_ Using this stolen information and along with an algorithm they developed, they started generating random credit card numbers.

These credit card numbers were used to open new AOL accounts and used for various nefarious purposes like spamming other AOL members. AOL finally put an end to this phishing saga by updating its security measures.

#### Switching To Impersonation Attacks

With AOL bringing an end to the credit card number racket, hackers started to look for other techniques to trick users. They started using AOL messenger and created **spoof e-mails** impersonating as AOL employees to message AOL customers.

The messages were meticulously crafted and boasted the same colors, fonts and text used in AOL e-mails. In these fake e-mails, hackers asked people to verify their AOL accounts and other personal information.

Unaware AOL users fell into the trap. The issue intensified as hackers created new AIM accounts and any account created through the internet cannot be banned or suspended by the AOL TOS department.

Finally, AOL sent warning messages and e-mails to its customers, asking them not to reveal their personal information through e-mail and messenger.

### **The Evolution Of Phishing, E-Gold, eBay, and PayPal Attacks**

_With the rise in eCommerce, hackers started focusing their attention on eCommerce customers and online payment systems._

Even though the attempt was unsuccessful, the first known **phishing attack** on eCommerce websites started with [E-Gold website](https://en.wikipedia.org/wiki/E-gold) on June 2001\. By 2003, hackers went onto register several new domains that resembled names of popular sites like eBay and PayPal. Then using some illicit worm software, they sent spoof e-mails to customers of eBay and PayPal. Customers who fell prey to these phishing e-mails got tricked into providing their credit card details and other personal information.

By early 2004, phishing evolved into a profitable business and hackers started attacking banks, enterprises, and their customers. One of the primary weapons used by hackers during that time was using popup windows to gather sensitive information from unsuspecting users. From thereon, _hackers started devising various techniques, including [spear phishing](/content/spear-phishing-prevention/), vishing, smishing, keylogging, content injection, etc_.

![Anti Phishing Solutions](https://media.mailhop.org/phishprotection/images/2020/02/anti-phishing-solutions.png) ![Anti Phishing](https://media.mailhop.org/phishprotection/images/2020/02/anti-phishing.png) 

### **How Phishing Works?**

The basic idea behind phishing is simple. _Adversaries take advantage of software and security weaknesses of the employee and organization network_. They create spoof e-mails stating that their account got suspended asking them to log in to reactivate their account and get their usernames and passwords.

While many may think otherwise, phishing attacks are cleverly planned and **meticulously executed**. Adversaries carry out the process in stages, which include planning, setup, assault, collection, and identity theft. After a successful attack takes place, the cybercriminals evaluate the successes and failures of the attack. Then, they make a call on whether to coordinate another scam.

Users start realizing about the scam only when their account is locked, or after the adversaries drain out the money from their bank account.

### **Various Forms Of Phishing**

- _While phishing attacks are mostly carried out through fake e-mails_, some hackers install malware and spam in the victim’s system. The [malware](/products/malware-and-ransomware-protection/) slowly gathers all the information from the computer, including the contacts from the address book, personal information, their browsing habits, etc.
- Most of the time, people in high positions like CEOs, Managers, etc. are targeted to reap huge rewards. This form of attack is known as **whaling**.
- Spear Phishing is another phishing technique, where a person gets targeted. Before sending spear-phishing e-mails, hackers study the behavior of these individuals using malware attacks and devise e-mails that look more personalized. This kind of highly targeted e-mails makes it much easier for hackers to lure the victim.
- _Vishing is another form of phishing technique_ where victims get tricked into revealing their bank account information. Hackers achieve this by making call-to-action phone calls to the victims.
- \_Smishing is a phishing method where users receive text messages containing malicious links. \_Clicking the link leads to a phishing website where they are asked to reveal personal information.
![Email Phishing Prevention](https://media.mailhop.org/phishprotection/images/2020/02/email-phishing-prevention.png) 

### **Conclusion**

The main reason that phishing attacks are on the rise is the lack of knowledge about the hacker’s tactics and techniques. Every day, hundreds of unsuspecting users lose their personal information, bank account details, and social security information. Unless people start educating themselves about phishing and treat every e-mail as a **phishing e-mail**, hackers will continue to evade the clutches of law and reap substantial monetary benefits.

### Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7\. On any device. With features you’d expect in more expensive solutions:

**All Plans Come With**

- Stops business email compromise (BEC)
- Stops brand forgery emails
- Stop threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real time alerts to users and administrators
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from web-based console

### Join 7500+ Organizations that use Phish Protection

[ 60-Day Free Trial ](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection)

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes

![Sys Admin1](https://media.mailhop.org/phishprotection/images/2020/03/sys-admin1.jpg) ![Itprofessional1 E1585030432965](https://media.mailhop.org/phishprotection/images/2020/03/itprofessional1-e1585030432965.jpg) ![Directorofit1](https://media.mailhop.org/phishprotection/images/2020/03/directorofit1.jpg) 

## Protect your inbox from phishing attacks

Start your 60-day free trial - no credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"21","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/phish-protection/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"Article","headline":"History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks","description":"History of Phishing: How Phishing Attacks Evolved From Poorly Constructed Attempts To Highly Sophisticated Attacks: History of Phishing: How Phishing Attacks.","url":"https://phishprotection.com/history-of-phishing/","dateModified":"2023-07-28T07:43:42.000Z","author":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection"},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/phishprotection-logo.png"},"description":"Enterprise-grade email security that protects businesses from phishing, ransomware, and email fraud with real-time threat detection and multi-layered protection.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://phishprotection.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897912","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Ransomware Protection","Business Email Compromise","Time of Click Protection","Advanced Threat Defense","Email Fraud Prevention","Phishing Awareness Training","Office 365 Email Security"]},"image":"https://media.mailhop.org/phishprotection/images/og-default.png"}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"History Of Phishing","item":"https://phishprotection.com/history-of-phishing/"}]}
```